Britain's 'Critical Infrastructure' Under E-Mail Attack

Cyber-security officials in Great Britain issued an unusually dire alert today, warning that hackers are targeting e-mail-borne viruses against U.K. government agencies and high-profile British corporations with the aim of stealing sensitive and lucrative data.

The increasingly sophisticated attacks appear to be custom-made for each target, focusing specifically on individuals who have jobs working with commercially or economically sensitive data, according to a document released today by the National Infrastructure Security Co-ordination Centre. The attackers craft the e-mails so that they appear to originate from trusted contacts, news agencies or government departments, using distribution lists to target large numbers of recipients with similar interests, the report noted.

The NISCC -- the British equivalent of the Department of Homeland Security's National Cyber Security Division -- said it was releasing the information in the hope that companies and government computer users would be more vigilant about clicking on attached documents and Web links that arrive via e-mail.

"Parts of the U.K.'s critical national infrastructure are being targeted by an ongoing series of e-mail-borne electronic attacks. While the majority of the observed attacks have been against central government, other U.K. organizations, companies and individuals are also at risk."

The e-mails will often carry a short message urging the user to click on the Web link or attached file. The links and attachments attempt to download a "Trojan horse," a type of program named after the legendary stealth attack because it lets hackers take quiet control of unsecured computers. Security firms have catalogued thousands of "Trojans" in recent years, and several new ones are spotted each week.

A wire story from the Associated Press quotes NISCC Director Roger Cumming as saying, "We have never seen anything like this in terms of the industrial scale of this series of attacks. This is not a few hackers sitting in their bedroom trying to steal bank account details from individuals."

The AP piece notes that the NISCC traced the attacks back to computers in "the Far East," though those systems may not be the true source of the assaults, as hackers frequently route their attacks through multiple compromised computers.

Trojans can cause serious damage inside a network. They can be used to collect usernames and passwords, upload documents and data to a remote computer, and even relay attacks against other computers and networks. Because most are configured to transmit data back to the attackers using the same methods as a common Internet browser, such communication is very hard to distinguish from regular outgoing Web traffic.

I've said it before, but it bears repeating: Never open, accept or download an e-mailed file or click on a Web link in an instant message if it comes from someone you don't know -- and even if you do know them, don't open it unless you know what the file or link is and were expecting it. If it comes from someone you know and you weren't expecting it, contact the sender by phone or e-mail, or reply to the message, and ask what they're asking you to look at.